{"id":"CVE-2020-23904","details":"A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states \"I cannot reproduce it\" and it \"is a demo program.","modified":"2026-03-14T10:21:04.978047Z","published":"2021-11-10T22:15:11.663Z","references":[{"type":"REPORT","url":"https://github.com/xiph/speex/issues/14"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xiph/speex","events":[{"introduced":"0"},{"last_affected":"7fc5f8b88519a2aafdf4b6a5c31ef3d54b560d68"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2-NA"}]}}],"versions":["Initial","Speex-0.0.1","Speex-0.0.2","Speex-0.0.3","Speex-0.1.0","Speex-0.1.1","Speex-0.1.2","Speex-0.2.0","Speex-0.3.0","Speex-0.4.0","Speex-0.5.0","Speex-0.8","Speex-1.0","Speex-1.0beta1","Speex-1.0beta2","Speex-1.0beta3","Speex-1.0beta4","Speex-1.0rc1","Speex-1.0rc2","Speex-1.0rc3","Speex-1.1","Speex-1.1.10","Speex-1.1.11","Speex-1.1.11.1","Speex-1.1.12","Speex-1.1.2","Speex-1.1.3","Speex-1.1.4","Speex-1.1.5","Speex-1.1.6","Speex-1.1.7","Speex-1.1.8","Speex-1.1.9","Speex-1.2.0","Speex-1.2beta1","Speex-1.2beta2","Speex-1.2beta3","Speex-1.2beta3.1","Speex-1.2beta3.2","Speex-1.2rc1","Speex-1.2rc2","speex-1.2beta2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-23904.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}